Six ways in which Google make it as difficult as possible to avoid using their products in on your Android mobile device:
- Despite the Android executable package format (APK) being an open standard, and the vast majority of apps being written by third parties, by default Google forces users to obtain apps through its walled-off Play Store. Users and developers must register with Google, and Google decides what stays up and what (e.g. ad-blockers) do not. So we have a situation where neither the supplier, nor the user, has anything to do with Google – and yet Google still has the whip hand. Naturally, Google will mutter something about how this is more secure – but of course there are thousands of dubious apps available there. Google goes to great lengths to block circulation of APKs independently of the App store, can remove anything at any time, can block or force updates…
- Most Android distributions include Google Mobile Services (GMS). This is a set of tools and interfaces including Google Play Services which purport to provide commonly used functions for Android apps (in the software world we’d call these APIs). The thing is: that very few of the applications that use these APIs actually need the functionality Google provides (this might be hard to believe – but see below!). But because GMS is available on so many Android systems, very many app creators create a hard dependency to it – even when functionally it is doing very little (perhaps nothing, as far as the user is concerned). Don’t have Google on your phone? Suddenly you’ll find you can’t run your banking or healthcare apps.
- One aspect of GMS that does do something, albeit against the users interests, is tracking and data harvesting. Most trackers and “analytics” (i.e. spyware) uses GMS, as well as the location APIs which primary function is not to tell the user where they are, but rather to track the user.
- There is actually yet another level of restrictions on top of this attempting to lock you into Google. This is SafetyNet, a Google feature marketed as “tamper resistance” – but of course the main intention is to stop the user “tampering” with their own device. If you try to disable the Google components mentioned above, this can fail, and some apps then treat your device as if it’s compromised.
- The Chrome browser is baked very deeply into the Android OS as the System Webview. This is an embedable browser separate to the one generally accessible to the user that very many applications – including e.g. banking apps – use to render HTML content. What are the security and privacy implications of this? There is almost no information. It’s very reminiscent of the bad old days of Windows 98 and Microsoft’s pushing of Internet Explorer.
- The vast majority of Android distributions are proprietary, and forcibly include Google software, including Chrome, Play, and Mobile services. Generally this is not removable by the user and runs all the time. Indeed, Google uses its position to force phone suppliers to include Google search bars on phone homescreens.